Skip to main content


Showing posts from June, 2011

Two factor authentication

Two factor authentication, how hard can it be? Two factor authentication has two components: something you know, and something you have. Something you know is usually username&password and gives you the first factor. Something you have is a second factor and it isn't usually implemented. One can argue that private/public key encryption is strong, but it's not two-factor authentication into the computer systems. An ssh key or SSL certificate can be password protected, but it's still just a file on the computer usually. And you don't want someone to compromise user's laptop, take as long as they need to decrypt the password and use that to get access to your intranet. The criteria are: two-factor authentication open standard vendor independent free software stack available secure user friendly low-cost So let's start running down the systems available today for the two factor authentication: Smartcards / Tokens using PKCS #11 API & PKCS #15 stan